CiviCRM Core issueshttps://lab.civicrm.org/dev/core/-/issues2023-08-07T12:11:55Zhttps://lab.civicrm.org/dev/core/-/issues/4458Error when viewing contact-info profile without "view deleted contacts" permi...2023-08-07T12:11:55ZcolemanwError when viewing contact-info profile without "view deleted contacts" permissionThe change in b7edabe813db467aff6dd1ea083d798089198655 switched the profile to use APIv4 to fetch email id for constructing an email link. The API call looks like this:
```php
$emailID = Email::get()->setOrderBy(['is_primary' => 'DES...The change in b7edabe813db467aff6dd1ea083d798089198655 switched the profile to use APIv4 to fetch email id for constructing an email link. The API call looks like this:
```php
$emailID = Email::get()->setOrderBy(['is_primary' => 'DESC'])->setWhere([['contact_id', '=', $this->_id], ['email', '=', $email], ['on_hold', '=', FALSE], ['contact_id.is_deceased', '=', FALSE], ['contact_id.is_deleted', '=', FALSE], ['contact_id.do_not_email', '=', FALSE]])->execute()->first()['id'];
```
It was reported on SE that this fails for users without "view deleted contacts", however I'm unable to reproduce.
See https://civicrm.stackexchange.com/questions/45313/invalid-field-contact-id-is-deceased-apiv4
This should have already been double-fixed by:
- [Revert "Add permission metadata to contact is_deleted field" #22203](https://github.com/civicrm/civicrm-core/pull/22203)
- [APIv4 - Silently ignore non-permissioned fields instead of throwing exceptions #20724](https://github.com/civicrm/civicrm-core/pull/20724)https://lab.civicrm.org/dev/core/-/issues/4457Entity Reference Custom Field not working as filter in "regular" search2023-10-03T21:46:14ZjensschuppeEntity Reference Custom Field not working as filter in "regular" searchFollow-up to #3721. @fabian_SYSTOPIA found out that filtering doesn't work correctly.
Not sure this is to be fixed, as it's related to the "old-style" searches ...
## Steps to reproduce
* Create an Entity Reference Custom Field on the...Follow-up to #3721. @fabian_SYSTOPIA found out that filtering doesn't work correctly.
Not sure this is to be fixed, as it's related to the "old-style" searches ...
## Steps to reproduce
* Create an Entity Reference Custom Field on the *Participant* entity for referencing an *Event* entity
* Edit a participant and fill out the field by selecting an event
* Use the *Find Participants* search and try to limit the search result to participants with the event previously selected in that field
* Notice that all participants are being found, not only that one with the entity reference field being filledhttps://lab.civicrm.org/dev/core/-/issues/4442Add action to convert smart group to regular group2023-08-31T16:33:25ZyashodhaAdd action to convert smart group to regular groupThere are cases when smart groups have actually run their course. The list is not going to change after a while so no need keeping the group smart esp when the criteria is quite complex and increases the load time. The idea here is keep ...There are cases when smart groups have actually run their course. The list is not going to change after a while so no need keeping the group smart esp when the criteria is quite complex and increases the load time. The idea here is keep only those groups that are needed as smart/dynamic so that it prevents unnecessary process of re-calculating the groups that just shouldn't be if deletion of the group is not an option.
In such cases, provide the ability to convert smart group to regular group.
Proposal : Provide action link for smart groups to convert to regular group.
- refresh the smart group
- move from the group contact cache to group contacts
- unset the saved search on the groupyashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/4388Order of constructor params for QuickForms2023-07-11T16:25:57Zluke.stewartOrder of constructor params for QuickFormsThere is a bit of chaos in param order here as encounted on related issue - is this something that we should be concerned about in this point of the lifecycle using Quickforms? Maybe if it's not broken we shouldn't fix?
Below list is a...There is a bit of chaos in param order here as encounted on related issue - is this something that we should be concerned about in this point of the lifecycle using Quickforms? Maybe if it's not broken we shouldn't fix?
Below list is a result of grep and then manual copy and paste and spacing to try and match up like orderings.
```
xbutton.php: function __construct($elementName = null, $elementContent = null, $attributes = null)
advmultiselect.php: function __construct($elementName = null, $elementLabel = null,
element.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
file.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
input.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
password.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
textarea.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
text.php: function __construct($elementName=null, $elementLabel=null, $attributes=null)
hiddenselect.php:function __construct($elementName=null, $elementLabel=null, $options=null, $attributes=null)
select.php: function __construct($elementName=null, $elementLabel=null, $options=null, $attributes=null)
autocomplete.php:function __construct($elementName=null, $elementLabel=null, $options=null, $attributes=null)
date.php: function __construct($elementName=null, $elementLabel=null, $options=array(), $attributes=null)
hierselect.php: function __construct($elementName=null, $elementLabel=null, $attributes=null, $separator=null)
static.php: function __construct($elementName=null, $elementLabel=null, $text=null)
checkbox.php: function __construct($elementName=null, $elementLabel=null, $text='', $attributes=null)
advcheckbox.php: function __construct($elementName=null, $elementLabel=null, $text=null, $attributes=null, $values=null)
radio.php: function __construct($elementName=null, $elementLabel=null, $text=null, $value=null, $attributes=null)
button.php: function __construct($elementName=null, $value=null, $attributes=null)
reset.php: function __construct($elementName=null, $value=null, $attributes=null)
submit.php: function __construct($elementName=null, $value=null, $attributes=null)
link.php: function __construct($elementName=null, $elementLabel=null, $href=null, $text=null, $attributes=null)
group.php: function __construct($elementName=null, $elementLabel=null, $elements=null, $separator=null, $appendName = true, $attributes = null)
image.php: function __construct($elementName=null, $src='', $attributes=null)
header.php: function __construct($elementName=null, $text = null)
hidden.php: function __construct($elementName=null, $value='', $attributes=null)
Page.php: function __construct($formName, $method = 'post', $target = '', $attributes = null)
Controller.php: function __construct($name, $modal = true)
html.php: function __construct($text = null)
```https://lab.civicrm.org/dev/core/-/issues/4386Contact tags don't work when triggered using the CiviRules action on Contact ...2023-06-20T13:49:44Zhitesh_compucorpContact tags don't work when triggered using the CiviRules action on Contact formOverview
----------------------------------------
When using the CiviRules extension there is an issue where adding tags to a contact does not work as expected while adding new contact using contact form. The problem arises when a rule ...Overview
----------------------------------------
When using the CiviRules extension there is an issue where adding tags to a contact does not work as expected while adding new contact using contact form. The problem arises when a rule is triggered for `Add Tag to Contact` action, causing it to remove any tags added by CiviRules before saving the contact form.
Reproduction steps
----------------------------------------
1. Create new CiviRules having Trigger as `Contact of any type is added` and Action as `Add Tag to Contact`
1. Create new contact
1. Contact tags configured by Civirules gets removed once the form is saved.
![issue_civirules](/uploads/8dcb8cc83041c41d1a2b7c48ac2df4b2/issue_civirules.gif)
Current behaviour
----------------------------------------
Tags configured from Civirules gets removed while saving contact form.
Expected behaviour
----------------------------------------
Civirules Tags shouldn't get deleted once we add new contact using contact form.
Environment information
----------------------------------------
* __CiviCRM:__ Master
* __CMS:__ Drupal 7.30
PR - https://github.com/civicrm/civicrm-core/pull/26580https://lab.civicrm.org/dev/core/-/issues/4381CiviReport: default orientation for pdf output2023-06-22T08:23:40ZJanecCiviReport: default orientation for pdf outputOverview
----------------------------------------
I was unable to set the orientation for pdf output of reports.
Example use-case
----------------------------------------
1. Configure a PDF output format in settings
1. Use the "print PD...Overview
----------------------------------------
I was unable to set the orientation for pdf output of reports.
Example use-case
----------------------------------------
1. Configure a PDF output format in settings
1. Use the "print PDF letter"-action
Current behaviour
----------------------------------------
You PDF-report will be in landscape
Proposed behaviour
----------------------------------------
Use the configured setting.
Comments
----------------------------------------
Removing the hard coded value solves thishttps://lab.civicrm.org/dev/core/-/issues/4371AdminUI: Find contact should follow the setting "Search Primary Details Only"2023-06-20T13:19:52ZsamuelsovAdminUI: Find contact should follow the setting "Search Primary Details Only"The new "Find Contacts" shipped with Admin UI search only for Primary Email but we should take he setting "Search Primary Details Only" into account the way it is without AdminUI :
![ksnip_20230616-141644](/uploads/9441fba97690e6df4bc88...The new "Find Contacts" shipped with Admin UI search only for Primary Email but we should take he setting "Search Primary Details Only" into account the way it is without AdminUI :
![ksnip_20230616-141644](/uploads/9441fba97690e6df4bc883613ac9eb27/ksnip_20230616-141644.png)samuelsovsamuelsovhttps://lab.civicrm.org/dev/core/-/issues/4367Apiv4 Order api2023-12-02T04:28:01ZeileenApiv4 Order api
There is general agreement that the biggest issue with the v3 api is the confusing arrays it requires. My preference in fact is for a fairly non-standard Order api - ie
```
Order::create()
->setContributionParameters([
'conta...
There is general agreement that the biggest issue with the v3 api is the confusing arrays it requires. My preference in fact is for a fairly non-standard Order api - ie
```
Order::create()
->setContributionParameters([
'contact_id' => 56,
'financial_type_id:name' => 'Donation',
])
->addLineItem([
'price_field_value_id:name' => 'student_rate',
'entity_id.role_id:name' => 'Attended',
'entity_id.contact_id' => 87,
'entity_id.event_id' => 6,
'entity_table' => 'civicrm_participant',
])
->execute();
```
On update we would have actions like `addLineItem`, `removeLineItem`
Obviously this starts to highlight a whole lot of issues
**1) at the contribution params level**
there are some parameters that we have long-standing discussions around - financial_type_id, receive_date, payment_instrument_id. I think we should probably not start with talking about those as we might never get any further
**2) line items**
- one specific thing I think we all agree on is that we don't want line items to have to belong to the same price set. There will be some fighting with the code to get there but it's probably an issue that lives outside the bike shed
- in the example above the entity_table is passed in. For memberships that can be inferred from the price_field_value_id, but for event participants there is nothing on the price field or price_field_value that declares something as being event related
- for line items we kinda want to require the minimum required info which varies a bit.... ie
**-- if we have only the line_total (in the line item or just the contribution.total_amount) we can assume**
- the price field id is the default contribution price field
- the quantity is 1
- the unit_price is the line_total
**-- if we have only the qty and the unit_price we can assume**
- the price field id is the default contribution price field
- the line_total is unit_price * qty
**-- if we have only the line_total and the entity_table, which is civicrm_membership we can assume**
- the price field id is the default membership field
**but we require one of membership_type_id or price_field_value_id, from which we can determine amounts **
**-- if we have only the price_field_value id we can assume**
- the amount & price field can be looked up from it. We can assume qty to be 1 unless provided
- We need some way of specifying relevant entity values. (I suspect this is where the rubber hits the brake pads in the bikeshedding process). In the above example I have leveraged `entity_id` in the way we do for other apiv4 related entities. The v3 order api had some ideas about entity parameters which didn't align with our specification that closely - I think they were effectively 'sub-participants' and if we want to add that it might be `'entity_id.registered_participants' => []` perhaps. It's also rather tempting to refer to use `participant_id` to stand in for `entity_id` when it reflects the line....
**3) the add payment.**
We currently chain this - I did include above in the first iteration of this but removed based on the discussion. The world won't end if we don't do that.https://lab.civicrm.org/dev/core/-/issues/4364Afform: Adding forms to menu is not compatible with Customize Navigation Menu2023-10-19T23:44:23ZlarsssandergreenAfform: Adding forms to menu is not compatible with Customize Navigation MenuIf you add a menu item for a form directly in the form, it shows up sort of where you want it (though the interface to set the order is pretty unhelpful, because you basically are guessing what the weight of existing items in the menu mi...If you add a menu item for a form directly in the form, it shows up sort of where you want it (though the interface to set the order is pretty unhelpful, because you basically are guessing what the weight of existing items in the menu might be). However, if you later go to Customize Navigation Menu, you can move the menu item you created around and it looks like it works and it will work for a while, but then later, it will move back to the location and weight set in the form.
This is confusing for users and frustrating if you don't know what's going on. Seems like we need to have just one way to edit the menu. Maybe it makes sense to simply remove the add to menu option from forms and let users add the menu item manually? Or alternately, we need a way for the menu location and weight to only be used on inserting the menu item and to be uneditable in the form afterwards, maybe with a help text that tells you to edit this directly in the menu.https://lab.civicrm.org/dev/core/-/issues/4362civiimport failures with `cv`2023-11-08T00:50:25Zaydunsaidan.saunders@squiffle.ukciviimport failures with `cv`Overview
----------------------------------------
The `civiimport` extension causes log "API Request Authorization failed" messages when using `cv`
Reproduction steps
----------------------------------------
1. On a system where the `ci...Overview
----------------------------------------
The `civiimport` extension causes log "API Request Authorization failed" messages when using `cv`
Reproduction steps
----------------------------------------
1. On a system where the `civiimport` extension is not enabled: run `cv en civiimport`
Also, when installed run `cv flush`
Current behaviour
----------------------------------------
In the log file, note the backtrace:
```
Jun 15 11:26:51 [debug] $API Request Authorization failed = #0 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(153): CRM_Core_Error::backtrace("API Request Authorization failed", TRUE)
#1 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest(Object(Civi\Api4\Generic\DAOGetAction))
#2 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/civiimport/Civi/Api4/Event/Subscriber/ImportSubscriber.php(221): Civi\Api4\Generic\AbstractAction->execute()
#3 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/civiimport/Civi/Api4/Event/Subscriber/ImportSubscriber.php(197): Civi\Api4\Event\Subscriber\ImportSubscriber::getImportForms()
#4 [internal function](): Civi\Api4\Event\Subscriber\ImportSubscriber::on_civi_afform_get(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get", Object(Civi\Core\UnoptimizedEventDispatcher))
#5 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/Event/ServiceListener.php(53): call_user_func_array((Array:2), (Array:3))
#6 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(251): Civi\Core\Event\ServiceListener->__invoke(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get", Object(Civi\Core\UnoptimizedEventDispatcher))
#7 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners((Array:2), "civi.afform.get", Object(Civi\Core\Event\GenericHookEvent))
#8 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(260): Symfony\Component\EventDispatcher\EventDispatcher->dispatch(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get")
#9 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/afform/core/Civi/Api4/Action/Afform/Get.php(40): Civi\Core\CiviEventDispatcher->dispatch("civi.afform.get", Object(Civi\Core\Event\GenericHookEvent))
#10 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/BasicGetAction.php(52): Civi\Api4\Action\Afform\Get->getRecords()
#11 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Provider/ActionObjectProvider.php(72): Civi\Api4\Generic\BasicGetAction->_run(Object(Civi\Api4\Generic\Result))
#12 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\Api4\Provider\ActionObjectProvider->invoke(Object(Civi\Api4\Action\Afform\Get))
#13 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest(Object(Civi\Api4\Action\Afform\Get))
#14 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/afform/core/afform.php(399): Civi\Api4\Generic\AbstractAction->execute()
#15 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(272): afform_civicrm_alterMenu((Array:498))
#16 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook/WordPress.php(136): CRM_Utils_Hook->runHooks((Array:33), "civicrm_alterMenu", 1, (Array:498), NULL, NULL, NULL, NULL, NULL)
#17 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(307): CRM_Utils_Hook_WordPress->invokeViaUF(1, (Array:498), NULL, NULL, NULL, NULL, NULL, "civicrm_alterMenu")
#18 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(251): Civi\Core\CiviEventDispatcher::delegateToUF(Object(Civi\Core\Event\GenericHookEvent), "hook_civicrm_alterMenu", Object(Civi\Core\UnoptimizedEventDispatcher))
#19 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners((Array:1), "hook_civicrm_alterMenu", Object(Civi\Core\Event\GenericHookEvent))
#20 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(260): Symfony\Component\EventDispatcher\EventDispatcher->dispatch(Object(Civi\Core\Event\GenericHookEvent), "hook_civicrm_alterMenu")
#21 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(168): Civi\Core\CiviEventDispatcher->dispatch("hook_civicrm_alterMenu", Object(Civi\Core\Event\GenericHookEvent))
#22 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(661): CRM_Utils_Hook->invoke((Array:1), (Array:498), NULL, NULL, NULL, NULL, NULL, "civicrm_alterMenu")
#23 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(78): CRM_Utils_Hook::alterMenu((Array:498))
#24 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(180): CRM_Core_Menu::xmlItems(TRUE)
#25 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(294): CRM_Core_Menu::items(TRUE)
#26 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(389): CRM_Core_Menu::store()
#27 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Extension/Manager.php(319): CRM_Core_Invoke::rebuildMenuAndCaches(TRUE)
#28 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/api/v3/Extension.php(42): CRM_Extension_Manager->install((Array:4))
#29 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Provider/MagicFunctionProvider.php(89): civicrm_api3_extension_install((Array:3))
#30 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\API\Provider\MagicFunctionProvider->invoke((Array:8))
#31 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(81): Civi\API\Kernel->runRequest((Array:8))
#32 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/api/api.php(22): Civi\API\Kernel->runSafe("Extension", "install", (Array:3))
#33 phar:///home/XXX/private/bin/cv/src/Command/BaseCommand.php(39): civicrm_api("Extension", "install", (Array:3))
#34 phar:///home/XXX/private/bin/cv/src/Command/ExtensionEnableCommand.php(68): Civi\Cv\Command\BaseCommand->callApiSuccess(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput), "Extension", "install", (Array:3))
#35 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Command/Command.php(127): Civi\Cv\Command\ExtensionEnableCommand->execute(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#36 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(637): Cvphar\Symfony\Component\Console\Command\Command->run(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#37 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(190): Cvphar\Symfony\Component\Console\Application->doRunCommand(Object(Civi\Cv\Command\ExtensionEnableCommand), Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#38 phar:///home/XXX/private/bin/cv/src/Application.php(66): Cvphar\Symfony\Component\Console\Application->doRun(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#39 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(101): Civi\Cv\Application->doRun(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#40 phar:///home/XXX/private/bin/cv/src/Application.php(32): Cvphar\Symfony\Component\Console\Application->run()
#41 phar:///home/XXX/private/bin/cv/bin/cv(28): Civi\Cv\Application::main("phar:///home/XXX/private/bin/cv/bin")
#42 /home/XXX/private/bin/cv(14): require("phar:///home/XXX/private/bin/cv/bin/cv")
#43 {main}
```
For `cv flush`:
```
Jun 15 11:35:11 [debug] $API Request Authorization failed = #0 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(153): CRM_Core_Error::backtrace("API Request Authorization failed", TRUE)
#1 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest(Object(Civi\Api4\Generic\DAOGetAction))
#2 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/civiimport/Civi/Api4/Event/Subscriber/ImportSubscriber.php(221): Civi\Api4\Generic\AbstractAction->execute()
#3 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/civiimport/Civi/Api4/Event/Subscriber/ImportSubscriber.php(197): Civi\Api4\Event\Subscriber\ImportSubscriber::getImportForms()
#4 [internal function](): Civi\Api4\Event\Subscriber\ImportSubscriber::on_civi_afform_get(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get", Object(Civi\Core\UnoptimizedEventDispatcher))
#5 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/Event/ServiceListener.php(53): call_user_func_array((Array:2), (Array:3))
#6 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(251): Civi\Core\Event\ServiceListener->__invoke(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get", Object(Civi\Core\UnoptimizedEventDispatcher))
#7 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners((Array:2), "civi.afform.get", Object(Civi\Core\Event\GenericHookEvent))
#8 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(260): Symfony\Component\EventDispatcher\EventDispatcher->dispatch(Object(Civi\Core\Event\GenericHookEvent), "civi.afform.get")
#9 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/afform/core/Civi/Api4/Action/Afform/Get.php(40): Civi\Core\CiviEventDispatcher->dispatch("civi.afform.get", Object(Civi\Core\Event\GenericHookEvent))
#10 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/BasicGetAction.php(52): Civi\Api4\Action\Afform\Get->getRecords()
#11 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Provider/ActionObjectProvider.php(72): Civi\Api4\Generic\BasicGetAction->_run(Object(Civi\Api4\Generic\Result))
#12 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\Api4\Provider\ActionObjectProvider->invoke(Object(Civi\Api4\Action\Afform\Get))
#13 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Api4/Generic/AbstractAction.php(250): Civi\API\Kernel->runRequest(Object(Civi\Api4\Action\Afform\Get))
#14 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/afform/core/afform.php(399): Civi\Api4\Generic\AbstractAction->execute()
#15 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(272): afform_civicrm_alterMenu((Array:498))
#16 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook/WordPress.php(136): CRM_Utils_Hook->runHooks((Array:33), "civicrm_alterMenu", 1, (Array:498), NULL, NULL, NULL, NULL, NULL)
#17 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(307): CRM_Utils_Hook_WordPress->invokeViaUF(1, (Array:498), NULL, NULL, NULL, NULL, NULL, "civicrm_alterMenu")
#18 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(251): Civi\Core\CiviEventDispatcher::delegateToUF(Object(Civi\Core\Event\GenericHookEvent), "hook_civicrm_alterMenu", Object(Civi\Core\UnoptimizedEventDispatcher))
#19 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/vendor/symfony/event-dispatcher/EventDispatcher.php(73): Symfony\Component\EventDispatcher\EventDispatcher->callListeners((Array:1), "hook_civicrm_alterMenu", Object(Civi\Core\Event\GenericHookEvent))
#20 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/Core/CiviEventDispatcher.php(260): Symfony\Component\EventDispatcher\EventDispatcher->dispatch(Object(Civi\Core\Event\GenericHookEvent), "hook_civicrm_alterMenu")
#21 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(168): Civi\Core\CiviEventDispatcher->dispatch("hook_civicrm_alterMenu", Object(Civi\Core\Event\GenericHookEvent))
#22 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Utils/Hook.php(661): CRM_Utils_Hook->invoke((Array:1), (Array:498), NULL, NULL, NULL, NULL, NULL, "civicrm_alterMenu")
#23 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(78): CRM_Utils_Hook::alterMenu((Array:498))
#24 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(180): CRM_Core_Menu::xmlItems(TRUE)
#25 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Menu.php(294): CRM_Core_Menu::items(TRUE)
#26 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php(389): CRM_Core_Menu::store()
#27 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/api/v3/System.php(33): CRM_Core_Invoke::rebuildMenuAndCaches(FALSE, FALSE)
#28 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Provider/MagicFunctionProvider.php(89): civicrm_api3_system_flush((Array:2))
#29 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(158): Civi\API\Provider\MagicFunctionProvider->invoke((Array:8))
#30 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/Civi/API/Kernel.php(81): Civi\API\Kernel->runRequest((Array:8))
#31 /home/XXX/www/www/wp-content/plugins/civicrm/civicrm/api/api.php(22): Civi\API\Kernel->runSafe("System", "flush", (Array:2))
#32 phar:///home/XXX/private/bin/cv/src/Command/BaseCommand.php(39): civicrm_api("System", "flush", (Array:2))
#33 phar:///home/XXX/private/bin/cv/src/Command/FlushCommand.php(28): Civi\Cv\Command\BaseCommand->callApiSuccess(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput), "System", "flush", (Array:2))
#34 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Command/Command.php(127): Civi\Cv\Command\FlushCommand->execute(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#35 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(637): Cvphar\Symfony\Component\Console\Command\Command->run(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#36 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(190): Cvphar\Symfony\Component\Console\Application->doRunCommand(Object(Civi\Cv\Command\FlushCommand), Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#37 phar:///home/XXX/private/bin/cv/src/Application.php(66): Cvphar\Symfony\Component\Console\Application->doRun(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#38 phar:///home/XXX/private/bin/cv/vendor/symfony/console/Application.php(101): Civi\Cv\Application->doRun(Object(Cvphar\Symfony\Component\Console\Input\ArgvInput), Object(Cvphar\Symfony\Component\Console\Output\ConsoleOutput))
#39 phar:///home/XXX/private/bin/cv/src/Application.php(32): Cvphar\Symfony\Component\Console\Application->run()
#40 phar:///home/XXX/private/bin/cv/bin/cv(28): Civi\Cv\Application::main("phar:///home/XXX/private/bin/cv/bin")
#41 /home/XXX/private/bin/cv(14): require("phar:///home/XXX/private/bin/cv/bin/cv")
#42 {main}
```
Both get to `/home/XXX/www/www/wp-content/plugins/civicrm/civicrm/ext/civiimport/Civi/Api4/Event/Subscriber/ImportSubscriber.php(197): Civi\Api4\Event\Subscriber\ImportSubscriber::getImportForms()`
Expected behaviour
----------------------------------------
No errors.
Note that if you run `cv ext import -U admin` or `cv flush -U admin`, these run without errors but are not the normal invocations. I'm not clear if this should be fixed in `cv` or `civiimport`.
`cv` mostly lets you do 'adminy things' without specifying a user. Some actions (like `cv scr`, `cv ev`) need a user but `cv flush` and `cv en`, `cv dis` have not needed this.
Environment information
----------------------------------------
* __CiviCRM:__ 5.62.0 <!-- Not new - issue exists earlier as well. -->
* __PHP:__ 7.4.32
* __cv:__ v0.3.42
Comments
----------------------------------------
ping @tottenhttps://lab.civicrm.org/dev/core/-/issues/4349Migrate "Edit Profile" popup to SearchKit/FormBuilder, kill BackBone2023-06-09T09:14:03ZcolemanwMigrate "Edit Profile" popup to SearchKit/FormBuilder, kill BackBoneCiviCRM includes an entire javascript framework stack, Backbone + Marionette, and only uses it to do one thing: the "Edit Profile" popup.
It wouldn't be quite the same, but I think we could make something equivalent *enough* using Search...CiviCRM includes an entire javascript framework stack, Backbone + Marionette, and only uses it to do one thing: the "Edit Profile" popup.
It wouldn't be quite the same, but I think we could make something equivalent *enough* using SearchKit and Afform and kill off Backbone once and for all.https://lab.civicrm.org/dev/core/-/issues/4340Fix behavior of summary action hook2023-06-09T07:48:33ZyashodhaFix behavior of summary action hookFix behavior of summary action hook to make it indeed useful. The hook needs to called for manipulation at the very last. The hook is being called early and then all the sorting etc takes place, rendering it useless.Fix behavior of summary action hook to make it indeed useful. The hook needs to called for manipulation at the very last. The hook is being called early and then all the sorting etc takes place, rendering it useless.yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/4332Error in membership status after a) changing membership type followed by b) p...2023-11-23T07:23:38ZJoeMurrayError in membership status after a) changing membership type followed by b) payment failure## Overview
Using a pay later payment when renewing a membership can lead to problems with the membership status, membership end date and membership type being changed at the time of the renewal being initiated ; these fields are update...## Overview
Using a pay later payment when renewing a membership can lead to problems with the membership status, membership end date and membership type being changed at the time of the renewal being initiated ; these fields are updated without a payment being recorded. It is possible that a payment will never be received, or its processing may fail. It is not easy to revert the data to its former state, or what it would have become through time from date of update to when the correction is attempted. For example, a renewal with a delayed payment might change the status from Grace to Current, the End Date from May 14, 2023 to May 14, 2024, and the Membership Type from General to Student.
These are very old problems dating to at least 2013 I believe.
The problem only occurs when both membership types have the same parent organization, and only for paid memberships. It occurs whether the membership period is Rolling or Fixed, and whether a membership type is being changed or not.
## Proposal
Refactor the current implementation so that a second, temporary membership is created that can store the new information without overwriting the old information until a payment is received for it. The new temporary membership would have a status of Pending. The Pending contribution would be related to the temporary rather than existing membership. When the payment is received (status=complete), the Pending membership's information is used to update the permanent membership, and the temporary membership record is deleted.
## Relevant code
In the Contribution Confirmation page postProcess call [legacyProcessMembership](https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Contribution/Confirm.php#L1623), various fields are updated before the doPayment call is processed [here](https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Contribution/Confirm.php#LL1702C42-L1702C51). As a result, the existing membership record is updated with selected membership type/end date/status after user submits a payment but before the code makes payment request, e.g. to a payment processor. This works if the payment went successfully.
In the case of a payment failure such as for IPN payment processors like Paypal Standard (occasionally when there is a delay on getting IPN callback or if the IPN response is not handled properly like https://lab.civicrm.org/dev/core/-/issues/1931) or for a manual Pay Later payment that isn't received, it leaves the selected membership in current/active state with a changed end date and possibly a different membership type. There is no fallback code written to revert the membership state or set it to Pending, and it isn't easy to reconstruct the data.
## New Behaviour
1. When initiating the Payment for Membership Renewal, create a new membership record and link the contribution in pending status to it. Add a new field, renewing_membership_id, to civicrm_membership to hold a reference from this 'temporary' pending membership to the existing membership that is being renewed. The existing membership record remains unchanged.
2. When the contribution status of the related contribution changes to Complete, update the original membership with the information from the temporary membership and delete the temporary membership.
Recommendation: delay the creation of activities for Membership Renewal (id=8), Change Membership Status (id=35) and Change Membership Type (id=36) until the contribution is completed.
Recommendation: create a new Activity Type, Membership Renewal Pending, to be created when the renewal request is received. In its body, provide: "ID of Membership being renewed: xx, Number of Periods: yy, Membership Type: [Label of Membership Type".
## Implementation:
1. Modify [here](https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Contribution/Confirm.php#L2900), CRM_Member_BAO_Membership::getContactMembership and [here](https://github.com/civicrm/civicrm-core/blob/master/CRM/Contribute/Form/Contribution/Confirm.php#L2939).
2. Add / update new / existing unit tests on these new scenarios.EdselopezEdselopezhttps://lab.civicrm.org/dev/core/-/issues/4322Smart groups in group tab for contact too slow2023-05-31T08:18:14ZyashodhaSmart groups in group tab for contact too slowSmart groups in group tab for contact too slow. This should be optimized.Smart groups in group tab for contact too slow. This should be optimized.yashodhayashodhahttps://lab.civicrm.org/dev/core/-/issues/4315Undefined array warnings when editing the emails of a contact2023-06-06T05:54:59ZTobias KrauseUndefined array warnings when editing the emails of a contact- go to a contact
- click on "Add or edit email" when you hover over the email section
On click the following messages appear in watchdog:
```
Warning: Undefined array key "oplock_ts" in include() (Zeile 5 in C:\wamp64\www\civicrm\http...- go to a contact
- click on "Add or edit email" when you hover over the email section
On click the following messages appear in watchdog:
```
Warning: Undefined array key "oplock_ts" in include() (Zeile 5 in C:\wamp64\www\civicrm\httpdocs\sites\default\files\private\civicrm\templates_c\en_US\%%97\973\973BB488%%Email.tpl.php)
Warning: Trying to access array offset on value of type null in include() (Zeile 5 in C:\wamp64\www\civicrm\httpdocs\sites\default\files\private\civicrm\templates_c\en_US\%%97\973\973BB488%%Email.tpl.php)
```
When saving for each email the following error message appears in watchdog:
`Warning: Undefined array key "mailingOutboundOption" in include() (Zeile 37 in C:\wamp64\www\civicrm\httpdocs\sites\default\files\private\civicrm\templates_c\en_US\%%09\098\0983F079%%Email.tpl.php)`https://lab.civicrm.org/dev/core/-/issues/4308CryptoKeys - Converting CryptoException into status messages2023-06-05T14:10:29ZVangelisPCryptoKeys - Converting CryptoException into status messages### Overview
From time to time, we clone/replicate our live sites into our development servers to do some reviews/coding enhancements etc. Since the live sites are having a different key from the development site(s), whenever we try to ...### Overview
From time to time, we clone/replicate our live sites into our development servers to do some reviews/coding enhancements etc. Since the live sites are having a different key from the development site(s), whenever we try to access the path `/civicrm/admin/setting/smtp?reset=1` (and assuming that we had set the configuration to SMTP with a username & password in live), we end up with an exception error: "Failed to find key by ID or tag", leaving us unable to access the page so that we can modify or re-enter the SMTP password.
### Reproduction steps
* Configure `CIVICRM_CRED_KEYS`
* Go to `/civicrm/admin/setting/smtp?reset=1`
* Set up the mailer as SMTP and store a password
* Clone the site's database and filebase (except the `civicrm.settings.php`) into another site OR change the `CIVICRM_CRED_KEYS`
* Try to access the page `/civicrm/admin/setting/smtp?reset=1`. You will get an exception error and the page won't load.
### Expected behaviour
* Manage to get to the page `/civicrm/admin/setting/smtp?reset=1` but throw a status message that there's something wrong with the stored password.
### Proposed solution
* On `/Civi/Crypto/CryptoRegistry.php` convert the `CryptoException`s into Status messages
* On `/Civi/Crypto/CryptoToken.php` check if the variable `$key` is null or set and if not, return the `$plaintext`
This way, even if the system cannot decode/decrypt properly the key, we will still be able to return to the password page but also throw the notices to the visitor.
I'm assuming that this exact behaviour/effect fires up wherever we use the crypto functionality.
I am also aware that in order to fix this, one needs to also configure the *same* `CIVICRM_CRED_KEY` as seen in the live site.
If this makes any sense, I can provide a patch/PR.
### Environment information
* CiviCRM: 5.57
* PHP: 7.4.33
* CMS: Drupal 9.4.15https://lab.civicrm.org/dev/core/-/issues/4291Smarty variable tokens not correctly processed in message subject2023-09-24T22:40:26Zmagnolia61Smarty variable tokens not correctly processed in message subjectOverview
----------------------------------------
Smarty variable tokens are not processed in message subject
Reproduction steps
----------------------------------------
1. In a message template body html we have for instance {capture a...Overview
----------------------------------------
Smarty variable tokens are not processed in message subject
Reproduction steps
----------------------------------------
1. In a message template body html we have for instance {capture assign="firstname"}{contact.first_name}{/capture}
2. We use {$firstname} in the body.
3. We use {$firstname} in the subject.
4. When sending a email manually the subject token gets replaced.
5. When sending via scheduled reminders or civirules the subject token does not get replaced.
6. Worse: our automatic birthday mail batch (civirules) got firstnames of the previous contact (only in the subject)
Current behaviour
----------------------------------------
smart variables are sometimes not correctly replaced as a token in the message subject
Expected behaviour
----------------------------------------
smart variables are sometimes always correctly replaced as a token in the message subject
Environment information
----------------------------------------
- CiviCRM: 5.61.2
- CMS: Drupal 7.97
- PHP: 7.4.33 (fpm-fcgi)
- Database: 10.5.19-MariaDB-0+deb11u2-log engine: InnoDB 10 row format: Dynamic
- Webserver: Apache/2.4.56 (Debian)
- OS: Linux
Comments
----------------------------------------
I will doublecheck if this is only the case with civirules or also with the scheduled remindershttps://lab.civicrm.org/dev/core/-/issues/4290SearchKit: Return results faster by optimizing access check2023-05-15T08:14:11ZlarsssandergreenSearchKit: Return results faster by optimizing access checkThrough some testing, it looks like quite a bit of the execution time for SearchKit results on Compose Search, at least for relatively simple queries, is being spent checking the current user's access to edit or delete the specific entit...Through some testing, it looks like quite a bit of the execution time for SearchKit results on Compose Search, at least for relatively simple queries, is being spent checking the current user's access to edit or delete the specific entity for the View / Edit / Delete menu in the last column. It's not too bad with just 50 rows, but if you increase the page size to 100 or more, there's a pretty perceptible difference between checking the access and skipping that access check. I had a few thoughts about how we could improve this:
1. Since we aren't actually showing the links until the user clicks on the hamburger menu, we could just add the links as usual, but then check access in JS and only unhide those that the user has access to. This way we aren't doing 100 checkAccess API calls per page of 50 entities (one for update, one for delete). This would make the Compose Search page faster as well as any Displays that contain the same menu, but wouldn't help if there are links or buttons in a Display.
2. I think quite a few of the users accessing Compose Search probably have superadmin, so we could check that at the start of the process and then skip the access checks for each row.
3. Maybe it would make sense to make it possible to pass an array of ids to the checkAccess API. I don't know the details of how this works, but imagine that would speed up the process. At least for Contacts, there already is `allowList()`, so maybe this could be implemented just for Contacts without too much trouble.https://lab.civicrm.org/dev/core/-/issues/4276Using profile in create mode with dedupe rule allows for leaking of private i...2023-05-24T06:51:10ZlarsssandergreenUsing profile in create mode with dedupe rule allows for leaking of private informationOverview
----------------------------------------
An anonymous user filling in a profile who leaves fields blank in create mode with deduping enabled will be shown the existing values for those fields if a duplicate is found. So if you h...Overview
----------------------------------------
An anonymous user filling in a profile who leaves fields blank in create mode with deduping enabled will be shown the existing values for those fields if a duplicate is found. So if you have an unsupervised dedupe rule of email only, then anyone can enter a contact's email and leave the remaining fields blank. They will shown existing data for that contact for fields that appear on the profile. This creates the potential to leak private information to anyone who knows minimal information about a contact and potentially could be used maliciously to expose data.
Reproduction steps
----------------------------------------
1. Create a profile that includes the fields in the your unsupervised dedupe rule, plus any other fields desired.
1. Use the profile in create mode anonymously, filling in only the fields required to match to an existing contact and leaving the other fields empty.
1. After submitting the profile, you are shown all the data for the fields left blank for that existing contact.
Current behaviour
----------------------------------------
Profile fields that are submitted blank are shown with existing data on the profile confirmation screen.
Additionally, the confirmation page URL contains both the contact id and checksum for the matched contact, which could be used to access other profiles or forms, exposing additional data.
Expected behaviour
----------------------------------------
All profile fields should be shown exactly as submitted on the profile confirmation screen.
The confirmation page URL should not show the contact id and checksum for the matched contact.
Comments
----------------------------------------
Have marked this confidential, since there is a potential for malicious use.https://lab.civicrm.org/dev/core/-/issues/4270CiviCRM Log File: Dates and Security2023-09-22T18:28:09ZAlanDixonCiviCRM Log File: Dates and SecurityOverview
----------------------------------------
The (text) log file generated by CiviCRM has three issues:
1. The risk of XSS (as described here: https://github.com/adixon/ca.civicrm.logviewer/issues/11)
2. The formatting of date/times...Overview
----------------------------------------
The (text) log file generated by CiviCRM has three issues:
1. The risk of XSS (as described here: https://github.com/adixon/ca.civicrm.logviewer/issues/11)
2. The formatting of date/times that are dependent on locale (as noted here: https://github.com/adixon/ca.civicrm.logviewer/pull/10)
3. The timezone of the date/time which is dependent on the source of the error but not specified in the output (i.e. the date time is of unknown and indeterminate timzeone).
Expected behaviour
----------------------------------------
1. I would expect the date/time of the error to be consistent and machine parseable and the timezone explicit.
2. I would expect the urls in the file to be XSS safe.
Comments
----------------------------------------
As per @bgm the log file date/times may be coming from a PEAR package.